Acronis Cyber Protect Cloud has a rich built-in role catalog that supports least privilege, separation of duties, and accountable access control, but only a small minority of customer and partner tenants actually use these fitted roles. The data show especially low adoption of specialty roles such as Cyber administrator and Security analyst, with delegation discipline concentrated in a few regions and often driven by partner-side administration. #AcronisCyberProtectCloud #Cyberadministrator #Securityanalyst #PartnerPortal
Keypoints
- Only about 4.8% of active customer tenants have granted at least one fitted specialty role, while roughly 95.2% use none.
- About 1.15% of customer tenants have granted two or more specialty roles, indicating very limited separation of duties.
- Approximately 33.9% of customer tenants have no local administrator account and are managed entirely from the partner level.
- The most-used customer-side roles are Administrator (protection), File Sync and Share roles, read-only administrator (protection), Cyber administrator, and Security analyst.
- Security analyst is the deepest delegated role, averaging about 14 named analysts per tenant where Managed Detection and Response is purchased.
- Partner-side adoption is also low: only about 3.35% of partner tenants have at least one Partner Portal role.
- Regional adoption is strongest for Cyber administrator in South Africa, Mexico, Brazil, Italy, and the United States, while Security analyst is led by Colombia, the United States, and Australia.
MITRE Techniques
- [T1078 ] Valid Accounts – The article discusses granting and restricting access through named roles and administrator accounts, which depends on legitimate credentials (‘grant the minimum access required’ and ‘count how many users hold the default company administrator role’).
- [T1098 ] Account Manipulation – The article focuses on assigning users to fitted roles and changing entitlements for least privilege (‘every account assigned to a role’ and ‘step the default administrator down where it is no longer needed’).
- [T1021 ] Remote Services – The RMM operator role permits remote desktop sessions and remote management actions (‘remote desktop sessions, scripted on-demand actions and approved patch installation’).
- [T1003 ] OS Credential Dumping – Not mentioned.
- [T1069 ] Permission Groups Discovery – The article centers on role catalogs and access rights review, but does not explicitly describe discovery activity; included only as access-group context is discussed (‘review access entitlements per customer quarterly’).
- [T1484 ] Domain Policy Modification – Not mentioned.
Indicators of Compromise
- [Policy/Standard Names ] access-control and least-privilege guidance – NIST SP 800-53 AC-2, NIST SP 800-53 AC-6, NIST SP 800-207 Zero Trust Architecture, CIS Controls v8 Controls 5 and 6, ISO/IEC 27001:2022 Annex A 5.15-5.18, ENISA guidance
- [Product/Platform Names ] cloud security role catalog context – Acronis Cyber Protect Cloud, Partner Portal, Managed Detection and Response, RMM pack
- [Role Names ] delegated access examples – Cyber administrator, Administrator (protection), Security analyst, Restore operator, RMM operator, Partner Portal — Administrator